6 comments:

Thanks for this blog post! Good to know what can make a difference while using TLS.

At the beginning of your test you mention that the current versions of MySQL do not support SSL at all. Does this not contradict the documentation of MySQL itself. see link: https://dev.mysql.com/doc/refman/5.5/en/using-secure-connections.html

But from the code:https://github.com/mysql/mysql-server/blob/5.5/vio/viosslfactories.c#L225https://github.com/mysql/mysql-server/blob/5.6/vio/viosslfactories.c#L228https://github.com/mysql/mysql-server/blob/5.7/vio/viosslfactories.c#L534

So both 5.5 and 5.6 use TLSv1_server_method() which only does TLSv1.0

MySQL 5.7 (since 5.7.10 iirc) uses SSLv23_server_method which can currently do SSLv2, SSLv3, TLSv1.0, TLSv1.1 and TLSv1.2 (TLSv1.2 only with OpenSSL, not with YaSSL). But as SSL_OP_NO_SSLv2 and SSL_OP_NO_SSLv3 are set it won't do SSLv2 or SSLv3.